ato logo

How we use the data

Last updated 20 May 2021

Property management data

The property management data will assist with an information gap to support correct reporting of rental income, expenses and capital gains tax. The data will be used to:

  • inform rental property owners of their taxation obligations as part of an information and education campaigns
  • identify relevant cases for administrative action including compliance activities and educational strategies
  • gain insights from working with the data to design ways it can be used to make it easier for our clients to interact with the system and get their affairs right.

Our previous related programs

Each year we conduct a review of a random sample of tax returns to calculate the difference between the tax collected and the amount we should have collected if they were fully compliant with the law. For 2017–18 we estimate a net tax gap of 5.6% or $8.3 billion for individuals not in business. Rentals make up 18% of this net tax gap.

A sample of property manager's data was collected using our formal information gathering powers, to investigate the value of this data to help with reducing the rentals tax gap. The data samples were matched against ATO records and found to be of a standard acceptable for the objectives of this data-matching program.

Preliminary compliance review indicated a level of under reporting of rental income and over claiming of property management fees, sufficient to support the collection of a broader data population.

Data providers

The ATO is the matching agency and the sole user of the data obtained in the course of this data-matching program.

The source entities for this data matching program are identified as:

  • entities that provide rental property management software.

Selection criteria for data providers

We adopt a principles-based approach to ensure that our selection of data providers is fair and transparent. Inclusion of a data provider is based on the following principles:

  • The data owner or its subsidiary operates a business in Australia that is governed by Australian law.
  • The data owners provide software solutions for predominately residential property management activities.
  • The data owner undertook these activities in the year(s) in focus.
  • The data is integrated, centrally located and able to be extracted using database querying techniques.
  • Where the administrative or financial cost of collecting the data exceeds the benefit the data may provide, the data owner may be excluded from the program.

The data providers for this program will be reviewed annually against the eligibility principles.

See our Submission to the Information Commissioner setting out the basis for deviating from the publication of data provider names under the requirements of the guidelines and its impacts on individual privacy.

Our formal information gathering powers

The data will be obtained under our formal information gathering powers contained in section 353-10 of Schedule 1 to the Taxation Administration Act 1953.

This is a coercive power that obligates the data providers to provide the information requested. We will use the information for tax and superannuation compliance purposes.

Privacy Act

Data will only be used within the limits prescribed by Australian Privacy Principle 6 (APP6) contained in Schedule 1 of the Privacy Act and in particular:

  • APP6.2(b) – the use of the information is required or authorised by an Australian law
  • APP6.2(e) – the ATO reasonably believes that the use of the information is reasonably necessary for our enforcement-related activities.

Keeping data safe

The data-matching program will be conducted on our secure systems that comply with the requirements of:

All ATO computer systems are strictly controlled according to Australian Government security standards for government ICT systems, with features including:

  • system access controls and security groupings
  • login identification codes and password protection
  • full audit trails of data files and system accesses.

We will use our secure internet-based data transfer facility to obtain the data from source entities.

Data elements collected

Data will be collected for residential and commercial properties. We negotiate with the selected data providers individually to obtain data held within their systems. The collected data may contain all or a selection of the fields listed below – this depends on what fields the data provider holds.

Property owner details

  • unique ID
  • given name, middle and surname(s)
  • business name (if applicable)
  • business contact name(s) (if applicable)
  • addresses (residential, postal)
  • Australian business number (if applicable)
  • email address
  • contact phone numbers
  • BSB number
  • bank account number
  • bank account name.

Rental property details

  • unique ID
  • address
  • date property first available for rent
  • rental income category
  • rental income amount
  • rental expense category
  • rental expense amount
  • net rent amount.

Property manager details

  • business name
  • managing agent name (given and surname)
  • business addresses (business, postal, internet)
  • contact phone numbers
  • email address
  • Australian business number (ABN)
  • licence number.

Number of records

The number of individuals covered by this data collection is expected to be approximately 1.6 million annually.

Data quality

We conducted a pilot sampling the data and found the data was of a quality suitable for this data matching program.

Property management software providers have sophisticated computer systems. Property management providers operate in cross jurisdictional legislative frameworks. They must satisfy specific regulatory requirements including licencing, registration and due diligence obligations to maintain the quality of their records as part of their maintenance and supervision of trust accounts as real-estate businesses.

The data is sourced from providers' systems and may not be available in a format that can be readily processed by our systems. We apply extra levels of scrutiny and analytics to verify the quality of the data. This includes but is not limited to:

  • meeting with data providers to understand their data holdings, including their data use, data currency, formats, compatibility and natural systems
  • sampling data to ensure it is fit for purpose before fully engaging providers on acquisition tasks
  • verification practices at receipt of data to check against confirming documentation; we then use algorithms and other analytical methods to refine the data.

Data is transformed into a standardised format and validated to ensure that it contains the required data elements prior to loading to our computer systems. We undertake program evaluations to measure effectiveness before determining whether to continue to collect future years of the data or to discontinue the program.

To assure data is fit for consumption and maintains integrity throughout the data-matching program, it is assessed against the 11 elements of the ATO data-quality framework:

  • accuracy – the data correctly represents the actual value
  • completeness – all expected data in a data set is present
  • consistency – data values are consistent with values within the data set
  • currency – how recent the time period is that the data set covers
  • precision – the level of detail of a data element
  • privacy – access control and usage monitoring
  • reasonableness – reasonable data is within the bounds of common sense or specific operational context
  • referential integrity – when all intended references within a data set is valid
  • timeliness – how quickly the data is available for use from the time of collection
  • uniqueness – if duplicated files or records are in the data set
  • validity – data values are presented in the correct format and fall within predefined values.

Data retention

The collection of data under this program includes all financial years from 2018–19 to 2022–23. The data collection is annual following the end of each financial year.

Due to the likely number of data providers, we collect data periodically. We work co-operatively with data providers and aim to balance our requests against peaks and troughs of demand in a data provider's own business.

We destroy data that is no longer required, in accordance with the Archives Act 1983, the records authorities issued by the National Archives of Australia, both general and ATO-specific.

We will retain each financial year’s data for seven years from receipt of the final instalment of verified data files from all data providers. The data is required for this period for the protection of public revenue as:

  • The discrepancy matching that occurs under parts of this program is iterative in nature. This includes the data being used to generate lodgment reviews with subsequent lodgments then being compared to the transactional data for accuracy. This process can typically occur over multiple financial years.
  • Retaining data for seven years does not change our general compliance approach of reviewing an assessment within the standard period of review, which also aligns with the requirements for taxpayers to keep their records.
  • Real estate such as a rental property that is sold potentially triggers a capital gains event. This can include a main residence that has been rented out for a period. A property may be retained for many years prior to disposal. Retaining the data is necessary to assess rental impacts for capital gains events.
  • The data is also used in multiple risk models, including models that establish retrospective profiles over multiple years aligned with period of review.
  • It will enable the ATO to conduct long term trend analysis and risk profiling of the rental property market to help inform education campaigns.
  • The data enhances our ability to identify taxpayers who may not be complying with their tax and superannuation obligations, which is integral to protecting the integrity of the tax and superannuation systems.

While increased data-retention periods may increase the risk to privacy, we have a range of safeguards to appropriately manage and minimise this risk. ATO systems and controls are designed to ensure the privacy and security of the data we manage.

See also: